diff --git a/checklists/alz_checklist.en.json b/checklists/alz_checklist.en.json
index f980fd7ab..14fa16d8c 100644
--- a/checklists/alz_checklist.en.json
+++ b/checklists/alz_checklist.en.json
@@ -668,6 +668,7 @@
 "guid": "143b16c3-1d7a-4a9b-9470-4489a8042d88",
 "id": "D01.03",
 "severity": "High",
+ "graph": "resources | where type =~ 'microsoft.network/publicIPAddresses' | extend properties = parse_json(properties) | project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan | extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0) | where compliant == 1 project id, compliant",
 "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/",
 "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview"
 },
diff --git a/checklists/waf_checklist.en.json b/checklists/waf_checklist.en.json
index 9d80e333a..5fca80cb9 100644
--- a/checklists/waf_checklist.en.json
+++ b/checklists/waf_checklist.en.json
@@ -4674,6 +4674,7 @@
 "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview",
 "service": "VNet",
 "severity": "High",
+ "graph": "resources | where type =~ 'microsoft.network/publicIPAddresses' | extend properties = parse_json(properties) | project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan | extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0) | where compliant == 1 project id, compliant",
 "text": "Use a DDoS Network or IP protection plan for all public IP addresses in application landing zones.",
 "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/",
 "waf": "Security"
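Review bot: The `graph` query added in the alz_checklist.en.json hunk (D01.03) ends with `| where compliant == 1 project id, compliant`, which has no pipe before `project` and so should fail to parse in Azure Resource Graph; the identical string added in the waf_checklist.en.json hunk has the same problem. Even with the pipe restored, `where compliant == 1` keeps only the protected addresses, so a public IP without DDoS protection never shows up in the result, and that is the case this High-severity check exists to surface. Ending the query with `| project id, compliant` would return every public IP together with its 0/1 status. The compliance test also reads only `properties.ddosSettings.protectionPlan`; IP-level protection appears to be expressed through a mode setting rather than a plan reference, so the property path should be confirmed against a live resource before the result is trusted.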